A new ransomware group called FunkSec that emerged in late 2024 claims to have targeted 85 victims in December alone, according to Check Point Research (CPR).
CPR noted in a January 10 report that FunkSec operators appear to be using AI-assisted malware development.
CPR noted that this AI capability will allow even inexperienced actors to quickly create and refine advanced tools.
Public information about FunkSec
FunkSec, which bills itself as a new ransomware-as-a-service (RaaS) operation, appears to have no known ties to previously identified ransomware gangs.
There is currently little information about its origins and activities.
Check Point noted that the group uses dual extortion tactics that combine data theft and encryption to pressure victims into paying ransoms.
Little known until December 2024, the group released victim data for over 85 organizations that month, outpacing the activity of all other ransomware groups.
The group’s data breach sites reveal victims across all continents.
Despite the large number of victims, a significant portion of the data sets leaked by the group appear to have been reused from previous hacktivism campaigns, raising questions about the veracity of their claims.
Check Point researchers said the group demanded unusually low ransoms (as much as $10,000 in some cases) and sold the stolen data to third parties at a discount.
Low-skilled operators are linked to hacktivist groups
Despite the high number of publicly disclosed victims, Check Point researchers assessed that the reality of FunkSec’s impact is modest, both in terms of actual victims and the group’s level of expertise.
Researchers determined that the FunkSec activity was likely carried out by inexperienced actors involved in hacktivist operations.
The ransomware group’s toolset includes tools commonly associated with hacktivist activity.
FunkSec products include custom-developed distributed denial of service (DDoS) tools, tools designed for remote desktop management, automation, and data interaction, and smart password generation and scraping tools.
Check Point’s analysis of the group’s public operations and tools revealed a custom encryptor likely developed by a relatively inexperienced malware author based in Algeria.
CPR commented that some of the ransomware group’s tools were likely developed using AI-assisted development solutions.
This use of AI assistance “may have resulted in rapid iteration despite the authors’ apparent lack of technical expertise,” the researchers wrote.
FunkSec leveraged multiple personas to increase visibility and sought to work with several now-defunct hacktivist groups, including Ghost Algéria and Cyb3r Fl00d.
The group also appears to be targeting organizations in countries allied with or supporting Israel.